Merge pull request #109 from jellemdekker/fix/expired-crl

Extended the expiration date of the certificate revocation list to 10 years
2024-11-25 02:09:03 +01:00 · 2017-10-03 10:10:56 +02:00 · 2017-10-03 10:10:56 +02:00 · b61973516b
commit b61973516b
parent 37d42e25fe 603d6747b9
1 changed files with 2 additions and 2 deletions
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@ -137,7 +137,7 @@ if [[ -e /etc/openvpn/server.conf ]]; then
 			CLIENT=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | sed -n "$CLIENTNUMBER"p)
 			cd /etc/openvpn/easy-rsa/
 			./easyrsa --batch revoke $CLIENT
-			./easyrsa gen-crl
+			EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
 			rm -rf pki/reqs/$CLIENT.req
 			rm -rf pki/private/$CLIENT.key
 			rm -rf pki/issued/$CLIENT.crt
@ -418,7 +418,7 @@ WantedBy=multi-user.target" > /etc/systemd/system/rc-local.service
 	openssl dhparam -out dh.pem $DH_KEY_SIZE
 	./easyrsa build-server-full server nopass
 	./easyrsa build-client-full $CLIENT nopass
-	./easyrsa gen-crl
+	EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
 	# generate tls-auth key
 	openvpn --genkey --secret /etc/openvpn/tls-auth.key
 	# Move all the generated files